Skip to content

Same origin CORS logic does not consider scheme or port #30988

Open
Open
Same origin CORS logic does not consider scheme or port#30988
Assignees
Tim-Brooks
Labels
:Distributed/NetworkHttp and internode communication implementations>bug>tech-debtTeam:DistributedMeta label for distributed team.
@Tim-Brooks

Description

@Tim-Brooks
Tim-Brooks
opened on May 31, 2018

When introducing Cors for the nio http server transport, an issue was raised by @tvernum with our current Cors logic. Currently we set the "access-control-allow-origin" response header to to the request "origin" header if the host is the same. This is based on our expectation that this is the same origin.

However, in the Cors sense, an origin is (scheme, host, port). So this logic does not make sense. Additionally, it is not clear if we need to check if the origin is the same as that would not be a cross-origin resource sharing request.

Metadata

Metadata

Assignees

Labels

:Distributed/NetworkHttp and internode communication implementations>bug>tech-debtTeam:DistributedMeta label for distributed team.

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions